[CVE-2019-0234] Reflected Cross-site Scripting (XSS) Vulnerabiulity in Apache Roller

[Dave <snoopdave () gmail com>]

Severity: Important

Vendor: The Apache Software Foundation

Versions affected: Roller 5.2, 5.2.1, 5.2.2. The unsupported pre-Roller 5.1
versions may also be affected.

Description: Roller's Math Comment Authenticator did not property sanitize
user input and could be exploited to perform Reflected Cross Site Scripting
(XSS).

Mitigation: The mitigation for this vulnerability is to upgrade to the
lastest version of Roller, which is now Roller 5.2.3.

Credit: This issue was discovered and reported by Muthukumar Marikani